[Mono-dev] Remothing through HTTPS

Yngve Zackrisson yngve.zackrisson at mobila-kontoret.se
Wed Sep 7 05:15:06 EDT 2005

Hi all.

I am doing an remoting application 
and have a Win32 Client with MS .NET v1.1
and a Linux (Fedora Core 3 x86) Server with Mono

The different clients will call the remote objects methods 
on the server. 
Among other things the clients will upload a file to the server. 
I (now) only uses "normal" calls to upload a file - 
no "callbacks" any more.
The server will be located at our place.
The clients will be users of "services", running on our server.
The remote objects is currently hosted by an Console application, 
but is planned to be hosted by a Windows service (on Linux / Mono :-)).
I have gotten this working with HTTP.

I now will try to do this with HTTPS (on port 443), 
to get a secure tunnel between the client and the server.

We would like to use SSL with both encryption and authentication, 
through x509 certificates.
The certificates should (preferable) be self signed.

>From my testings and readings I have found that: 
1) My Win32 client uses Tls.
2) The Win32 client certificates should be:
   a) Set in the ClientCertificates property of the HttpWebRequest.
   b) The client certificate must be installed in 
      the LOCAL_MACHINE registry hive.
   (Se: KB895971 at http://support.microsoft.com/?kbid=895971).
3) .NET prefer the DER format (called .cer) 
   but may also use the .p12 format.
4) From the Microsoft .NET documentation, 
   I have found support only for certificate authentication 
   through ASP.NET/IIS-hosting - In MS .NET v1.1.
5) There is some support for SSL in Mono, 
   and I have succeeded to install certificates in Mono through certmgr 
   (but I may have done it wrong. No real test yet).

What I wonder is weather this approach gonna work with .NET Remoting 
and with different Win32 MS .NET clients calling a Linux Mono server?.

Do I have to customize any part of the SSL handshake?.

On the remote objects methods, I would like to have 
access checks on the users .NET Roles.
Is it possible to impersonate the principal and add .NET Roles 
to that principal when the remote objects is hosted in 
a Console application or a Windows service (in Linux / Mono)?.

Further, I am not really sure about how to set up the certificates 
on the Mono server for SSL.
I assume the the certificates should be placed in the machine store.
I have the certificates in DER (.cer) format.
Should the CA certificate be placed in the CA store 
or in the Trust store?. Any more to think about?.

I assume that the server certificate should be placed 
in the Trust store (of the machine store).
I hope this is right.

// Regards 

Yngve Zackrisson.

More information about the Mono-devel-list mailing list